Author: yoavs
Date: Wed Aug 2 09:49:57 2006
New Revision: 428048
URL: http://svn.apache.org/viewvc?rev=428048&view=rev
Log: Address possible security vulnerability in header value parsing: escape it to avoid someone trying an XSS attack.
Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp Modified: tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp URL: http://svn.apache.org/viewvc/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp?rev=428048&r1=428047&r2=428048&view=diff ============================================================================== --- tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp (original) +++ tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/jsr152/examples/jsp2/el/implicit-objects.jsp Wed Aug 2 09:49:57 2006 @@ -71,15 +71,15 @@ </tr> <tr> <td>\${header["host"]}</td> - <td>${header["host"]}</td> + <td>${fn:escapeXml(header["host"])} </td> </tr> <tr> <td>\${header["accept"]}</td> - <td>${header["accept"]}</td> + <td>${fn:escapeXml(header["accept"])} </td> </tr> <tr> <td>\${header["user-agent"]}</td> - <td>${header["user-agent"]}</td> + <td>${fn:escapeXml(header["user-agent"])} </td> </tr> </table> </code>
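Review bot: the three `+` lines call `fn:escapeXml`, but the hunk (lines 71-85 of implicit-objects.jsp) shows no taglib directive for the `fn` prefix; confirm the page already declares the JSTL functions library (`<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>`) near the top, since an undeclared prefix is a JSP translation error and the whole example page would stop rendering rather than fail safe. Minor style point: each replacement line adds a space before `</td>` (`<td>${fn:escapeXml(header["host"])} </td>`) that the removed lines did not have; dropping it keeps the right-hand cells identical in shape to the left-hand `\${...}` column. The change itself is the right one: `host`, `accept` and `user-agent` are entirely request-controlled, and only the right-hand cells evaluate the expression, so escaping exactly those three is sufficient for this table.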